XCP uses these techniques to install a proprietary media player that allows PC users to play music on the 20 CDs Sony BMG is protecting with this system. The CDs affected are only being sold in the US.

Soon after Mr Russinovich exposed how XCP worked security experts speculated that it would be easy to hijack the anti-piracy system to hide viruses.

Now anti-virus companies have discovered three malicious programs that use XCP's stealthy capabilities if they find it installed on a compromised PC.

Backdoor virus

Security firm Sophos said it had found a virus attached to a spam message posing as an e-mail from a British business magazine. The subject line of the message is: "Photo Approval Deadline".

Those opening and running the program attached to the mail will have their computer infected with the Stinx-E trojan. The virus is also known as Breplibot and Ryknos.

Sony was trying to stop illegal copying of its CDs

This virus opens a backdoor into infected machines and tries to download more malicious code from the net to further compromise an infected machine.

A bug in the code of the first variant of this virus prevented it working properly but now other versions of the malicious program are appearing that fix this problem.

So far the numbers of people caught out by the virus is thought to be very low.

Graham Cluley from Sophos said he expected other virus writers to start exploiting the Sony XCP code.

Sony apologised, saying it was working with computer security firms to address the problems.

The news came as more legal challenges to Sony's use of the anti-piracy program were being launched.

At last count, at least six class-action lawsuits have been started against the company.

As the Boycott Sony blog pointed out, the appearance of these viruses could make it much easier for lawyers to argue that the XCP software can cause real harm to a user's computer.